Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
heriherwanto
New Contributor III

WSSO FortiAuthenticator and Fortigate without FortiAP

Dear All

 

I'm using FortiAuthenticator as Radius and Fortigate as Internet sharing.

I need to allow some group on FortiAuthenticator to use the internet without web login, just Wifi single sign on. If success login on Wifi then Internet automatically active.

 

Here is the reference that I use.

 

https://docs.fortinet.com/document/fortiauthenticator/6.2.0/cookbook/644897/wifi-with-wsso-using-for...

 

The problem is I cannot use the reference with other brand such as tp-link, Dlink, mikrotik or other brand.

On the reference is use FortiAP.

 

I have tried many time, but always failed, when success login with Wifi then automatically appear login form on browser. 

 

Is there anyone here have a experience to use WSSO without FortiAP.

 

Please let me know, if anybody can help me.

 

 Regards,

Heri

14 REPLIES 14
heriherwanto

Dear Graham

 

I've just tested with local group and LDAP group, but still doesn't work.

I think this is because I still use Firewall Group on Fortigate. Firewall user group provide access to firewall policies that require authentication. I must use FSSO or RSSO to use Single Sign on through Wifi.

If you have a reference, please let me know.

 

Best Regards,

Heri

gfleming

Yes of course... sorry this won't work without a FortiAP since the FortiAP would use the FortiGate as the RADIUS client. Right now you have a different AP acting as RADIUS client so that attributes are not being sent to the FortiGate. Sorry for misleading you!

 

In this case I think the best thing to do is configure RSSO: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/85730/radius-single-sign-on-rsso-agent

Cheers,
Graham
heriherwanto

Dear Graham

 

Thank you for your information.

Is it possible if we using Different AP with WIndows NPS and fortigate.

Can we implement WSSO with this configure.

 

https://docs.fortinet.com/document/fortiap/6.4.0/fortiwifi-and-fortiap-cookbook/414919/wifi-with-wss...

 

Should we use FortiAP also with this alternative.

 

Regards,

Heri

 

 

gfleming

Unfortunately WSSO requires FortiAP as that is the only way to make Fortigate the RADIUS client which then allows it to receive the RADIUS attributes. Changing RADIUS to NPS will not help. 

You should consider RSSO as posted above.

 

or you could look at doing FSSO too… 

Cheers,
Graham
heriherwanto

Dear Graham

 

Thank you for your suggestion.

 

Best Regards,

Heri

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors